NOD32 catches all the big viruses, what about the small ones?

Well it has gotten many award from Virus Bulletin for many years to have never missed an in the wild virus! great! so i bought it and have been a loyal user for years thinking my system is rock solid and protected.

Only to be surprised by something fishy running on my system while NOD32 is running and always updated! a file called ndt.sys! it's a malware according to a search on google that NOD32 never informed me of! so here's the surprise! I uninstalled NOD32 and installed AVG Free Anti Virus! and guess what!

It caught many viruses in my system!

LimeWire was reported as malware
KGB Keylogger
YouTube Video Downloader
Wireless KeyView
Acronis keygen
etc..

I uninstalled AVG and reinstalled version 3.xxx.566 of NOD32 back on my system (Windows Vista Business)

But am very scared now and doubt ful about teh greatness of teh NOD32

 

2 days ago I had it happen to me. my computer was not acting right, so just to ease my mind i uninstalled nod32 3.0566 and installed Avast to double check nods 0 detection on its scan. Guess what i did have 2 viruses (win32ctx & civil defence). Avast was my AV before nod32 and now is again. I like nods liteness but i never had that happen before.

 

Doesn't inspire confidence.

But I already know what the official ESET retort will be:

"No Antivirus product guarantee's to catch 100% of Viruses"

Which is fair enough, but then why do other free products manage to find and clean viruses that NOD lets slip through?

 

First of all did you enable these features of nod32:
- Potentially unwanted applications
- Potentially unsafe applications

And those examples given by you is NOT a virus and will do no harm to your system except maybe the keylogger. If the keylogger is on your system without your knowledge then it could do harm, but if you know about it and actually use it it does no harm.
For the rest of your examples those programs is most likely something you want to keep and actually use. None of those do any harm and fit in the category "Potentially unwanted applications", but it's for sure not a virus. Do you actually want your antivirus to remove limewire, youtube video downloader and wireless keyview or do you use those applications and want to keep them?

You should check why AVG detect those applications and not just assume it's a virus which is not. Antivirus software detect much more then virus and what is detected depend on your settings as well. Virus, trojans and worms is some examples of stuff that cause damage to your system or put your computer at risk. Limewire and YouTube video downloader is not a virus, but maybe to be considered as potentially unwanted application. In most cases people that installed those applications actually want to use them and would not define them as unwanted. Actually i would say that youtube video download is just as safe as any other application and should not be detected as a threat.

It make sense if nod32 detect the keylogger as a threat (and maybe it does as well if you enable unsafe/unwanted applications), but for me it make no sense if nod32 detect the other applications as a threat. I would say detecting "YouTube Video Downloader" as a threat is unwanted behavior of an antivirus application. In that case word and excel could be a threat as well. For your Acronis Keygen that is not a threat, but a keygen used for illegal usage of an application and therefore detected as unwanted by some AV software. I guess the reason why you have this keygen is because you don't have a legal version of some Acronis software? So even if the usage of this keygen is illegal i assume you actually want to keep it? Malware is also something you normally don't want on your computer, but it's not the same as a virus that cause damage.

For the file ndt.sys i don't know what it is and maybe you are right it should have been detected.....don't know what it is so cannot tell.

I have seen several discussions if a antivirus should detect stuff like limewire, toolbars and youtube video download as a threat and there is a lot of opinions since those applications doesn't do any harm and fit better in the category "Potentially unwanted applications". AV software that detect almost everything as malware some find to be pretty annoying and some like it that way. AV software from different vendors work a bit different and if you are not happy with the detection of nod32 you could try another product. But you should remember that the best AV software isn't necessarily the one that detect most threats, but the one that detect the real threats with few false positives. This is the hard part since there is no right and wrong and all about opinions except with virus, worms, trojans and stuff like that which is created for one purpose only. In this case i'm pretty sure you don't want your antivirus software to prevent you from using limewire and youtube video downloader? So would AVG be a better choice for you?

 

Mine where on ( Potentially unwanted applications
Potentially unsafe applications) on all the setups.

 

Well I did enable the option to detect unwanted applications.

As for ntd.sys and many other .sys files that were automatically being run at start up that I cannot remember now coz I formatted sine that hapened, according to google they are very dangerous and send information from your system to unknown sources! someone explain why NOD32 didn't catch them? that was m major disappointment to be honest, whereas the keygen, limewire, keylogger, wireles key view, never did cause any trouble.
But neither did NOD32 nor Ad-Aware 2007 Pro catch ndt.sys!

 

Well for the ntd.sys that might be something that should have been detected. In deanmartins case that also sound like real threats, but the other examples is no real threats in my opinion except maybe the keylogger as i said.

There is no one that can give you any good explanation why it was not detected except the obvious which is nod32 didn't have the signature to detect the threat (assuming nod32 was actually working properly on your computer). Follow the instructions from eset and send a sample is the best thing to do. Then you help eset to make the detection better and that way help other nod32 users as well. You won't get any further explanation here why it was not detected since there isn't much more to say.

You probably read the "No Antivirus product guarantee's to catch 100% of Viruses" before in this forum and that is the fact even if it might be a bit boring reading this over and over again. A friend of mine had to reinstall his computer because of a virus when using norton antivirus so this could happen using any AV software. Which one is the best and most secure.....i don't think anyone can say for sure, but if you feel safer using AVG or some other av software i think you should use that one instead of nod32. No one can say for sure what is the best to use so reading different antivirus software test/reviews, your personal experience and what you believe is the best should decide. You could also listen to advice from others, but in this forum which is the official eset support forum i guess a lot of people prefer nod32. If you go to some other official AV software forum you will probably see the same thing.

I used Symantec AV Corp Edition (not Norton antivirus for home users) before i switched to nod32 and had no problems with either so could recommend both. The reason why i changed to nod32 is because it use less resources and for me seems to work very good. I still use version 2.7 though because of the bugs in 3.0 and unless the detection is better using 3.0 i cannot see why i should upgrade to a version that use more memory with a new GUI.

 

I cant say that i'll never go back to nod. Im just going to give em more time.

 

till this point of time....Avast and AVG did a better job than NOD32! and guess what? they're free!

this said from an official NOD32 fan / owner

kthxbye

 

What is ntd.sys?

I tried to google it and I couldn't find any information on it

 

The unsafe files using this name are associated with the malware group Win32.Rootkit.Gen.Some files using the name NDT.SYS are also associated with the malware group:


Generic.Rootkit

These files may have the following Vendor, Product, Version Information in the file header ; ; 1.0.0.0
The following Vendor, Product, Version Information has also been reported:
; ; 2.0.1.66 ; ; 2.0.1.38 ; ; 2.0.1.88


NDT.SYS has been seen to perform the following behavior(s):
Can communicate with other computers using TCP protocols This Process Deletes Other Processes From Disk Can communicate with other computer systems using HTTP protocols Executes a Process Modifies the Windows Host File which could be used to stop you visiting specific web sites by redirecting you to alternative addresses without you knowing Terminates Processes Adds a Registry Key (RUN) to auto start Programs on system start up Registers a Dynamic Link Library File Writes to another Process's Virtual Memory (Process Hijacking) This Process Creates Other Processes On Disk

NDT.SYS has been the subject of the following behavior(s):
Created as a process on disk Executed as a Process Deleted as a process from disk Writes to another Process's Virtual Memory (Process Hijacking) Terminated as a Process

NDT.SYS can also use the following file names:


WMIPRVES[2].EXE WMIPRVES[1].EXE NDT2.SYS 31072677.SYS 33201795.SVD NDT2SUSPECT.SYS 75062483.SYS 03410126.SYS 84733211.SYS 79840294.SYS

 

To avoid speculations whether ntd.sys is legit or malware, please submit it to samples[at]eset.com with this thread's url so that we can check it out.

 

too late. i've formatted my system long back dude

 

I used AVG during a rebuild (waiting for my current AV licence to be resent). AVG found the licence key for rFactor, reported it as spyware and deleted it.(it found the Trymedia.adware spyware file but deleted the folder it was in, rather than the file itself). AVG maybe great at finding oddities, but extreme care needs to be used with it.

 

It depend what you define as a better job. Finding YouTube Video Downloader as a threat is not part of a good job i think. I'm not going to start a nod32 vs avg discussion since that is pointless, but i think this is all about opinions, personal experience and what everyone prefer. A couple of examples doesn't really say anything about how good the AV software work.

 

Try having a look over at AV Comparatives and Virus Bulletin, check out the current state of play and go back over the history of all three you mentioned and see if you still feel you can make this assertion.

 

NOD32 didn't saw this virus

Yesterday I had a virus on my PC that uninstalled NOD32 silently!
I had to reinstall Vista because of it

After reinstalling Vista, I analyzed the Virus, and guess what, NOD32 does not detect it as virus where other scanners do.

Results from http://www.virustotal.com

VirusTotal results removed per this policy.

What I don't understand is that NOD32 is supposted to be a very good scanner as can be read in many tests, but why doesn't it see these Trojan/Downloader.Bagle.fx/ft variants. These aren't small viruses if I'm correct.

 

Re: NOD32 didn't saw this virus

As you can see in the results, the file was scanned with v. 2655 (issued on Nov 13th) - more than a week ago. I have tested it now and all Bagle samples were actually detected.

 

Agreed. Amazing how hard data does not convince certain users that NOD32 is at the top of the list along with Avira for best overall protection (signatures + heuristics).

 

Re: NOD32 didn't saw this virus

No. That last result (not mine but from someone else) was from 13 Nov, and the virus was from at max 13 Nov (or earlier). (Dutch: http://gathering.tweakers.net/forum/list_message/29079824#29079824 )

So at that time (13 nov), the latest update (of 13 nov) of NOD32 didn't saw where other scanners did at 13 nov.

I scanned my virus samples (the first 2 results) yesterday with both NOD32V3 with latest virus updates and with NOD32 from Virustotal.com, and neither instances of NOD32 didn't detected it as Virus.

If NOD32 does see it now, than thats probably because I submitted the virus yesterday to NOD32.
(At the moment I'm running Kaskersky.)

 

I also find comparitive data very valuable, but when you have an experience in where you trust a certain scanner because of comparitive data, and then get infected by a variant of a major known virus (TrojanDownloader.Bagle.*), you'll scratch your head and think: how is this possible, why did the other scanners do see that virus while I'm using a top-scanner. It makes you uninstall the scanner and install a scanner that did detect the virus. And makes you wonder if the comparitive data is simply to old (even thought it is only some months old).

 

I just tested to see if the Online Scanner of NOD32 (http://www.eset.com/onlinescan) sees the virus sample of Trojan-Downloader.Win32.Bagle.fx. Well... it still doesn't.

 

I'm not aware of any undetected Bagle. If you have one, please send it in a password protected archive to samples[at]eset.com with this thread's url in the subject.

 

Check your mail
I've just put the 2 samples in it.

 

Nod32 also misses a lot on trojans. Kaspersky's Online Scanner detected a lot of trojans that nod32 missed. I am unhappy with nod32 & would never renew my license again. I even had all the trojans quarantined in my kaspersky that I downloaded after the online scanner detected a lot of it. How do you explain that.? Nod32 is really a lot of hype & is very overated. I also scanned the sample in VIRUS TOTAL & a lot of scanners(9 & above) detected the sample a trojan, talk about nod32 being a blind scanner. Nod32 loses this customer by the way & would never believe in it again.
To think that I was even using the new & improved version 3.0.566.0 & it failed me.!!!